Remote working can be a blessing. More time spent with the family, less time commuting and sitting through meetings from the comfort of your own home. But as companies across Australia continue to offer flexible work environments to prevent the spread to COVID-19, it is important to understand the security and privacy risks that both the business and employees may encounter.

Employees who are usually protected by corporate networks are working from much less secure locations, and cybercriminals have used COVID-19 as an opportunity. The Australian Cyber Security Centre (ASCS) has seen a significant increase in Australians being targeted with COVID-19 related scams, and advised everyone to stay aware and up-to-date. To help you get started, here are three things you could do to protect both your employees and the business.

Implement multi-factor authentication

According to the Australian Government, multi-factor authentication (MFA) is considered to be one of the most effective controls you can implement to prevent unauthorised access to computers, applications and online services. Using multiple layers of authentication makes it much more challenging to access your systems.

Multi-factor authentication can use a combination of:

Something the user knows, whether it be a passphrase, PIN or an answer to a secret question

Something the user physically possesses such as a card, token or a security key

Something the user inherently possesses such as a fingerprint or retina pattern.

Update your software & operating systems

Often software updates for operating systems and applications are developed to address security issues. Updates often include new security features that protect your data and device. Quite often cybercriminals take advantage of software vulnerabilities in common applications like operating systems and browsers.

Here are some best practices when it comes to software and operating system updates:

Stay current: software vendors release updates regularly and many of them relate to important security issues. Appoint someone to be in charge of staying on top of these updates.

Keep up with regular maintenance tasks: appoint someone to be in charge of keeping software licenses up to date and keeping software current.

Automate what you can: this will lessen the burden in the long run.

Back up everything: if you experience any crashes while updating you’ll be glad you did.

Outsource a Managed IT Service Provider (MSP)… like us!

Managed IT Services are a subscription-based outsourcing of IT systems management for businesses, which also includes the management of other IT processes and functions intended to improve business operations and reduce costs.

The goal of managed IT services is to help your business run more effectively by transferring the burden of managing and maintaining your IT software, hardware and environment to us—the managed IT service provider. As your IT managed service provider we then maintain responsibility for the day-to-day maintenance, upkeep and functionality of your IT service, equipment and overall infrastructure, as well as any short or long-term IT strategy and expansion.

Partnering with an MSP offers many benefits to your business. Some of these include:

Minimised downtime and cost reductions: with 24/7 proactive monitoring of your IT systems, we’re able to identify and address any issues before they cause damage, interruptions to your business or financial loss.

Security: with over 43% of cyber attacks targeting small to medium businesses, it’s vital vulnerability assessments, threat management and secure user access and verification become a commonplace for your business. We’re always working with leading technology vendors and testing the latest world-class technology, tools, systems and security to deliver the best and safest IT solutions.

Peace of mind knowing that no matter where you are or what issue arises, you have skilled professional IT experts in your corner who are prepared and ready to help you.

In light of the COVID-19 pandemic, businesses continue to adapt to the fast-changing environment and develop strategies to protect their business and staff from cyber attacks. Here at eStorm, we encourage Australians to remain vigilant and to review your current strategies to ensure you incorporate cyber security measures.

In these ever-changing times, the ability for an organisation to adapt and change is what will allow you to stand out from competitors, continue to serve customers, and ensure you maintain momentum. With the current COVID-19 pandemic, we are seeing more and more businesses prepare for social distancing by setting up their systems to allow for remote work and collaboration. At eStorm, we’ve been supporting our customers to ensure they are set-up and using Office 365 to its full potential.

Whether working on a PC, Mac or mobile device from home or in the office, Office 365 is providing workplaces with the tools to continue driving efficiency and productivity. Here are just a few ways Office 365 can support your business in working remotely:

Real-time collaboration

For businesses to continue operating and supporting customers, collaboration on projects and tasks needs to continue. Office 365 provides multiple tools to ensure collaboration doesn’t stop when teams are working remotely. The Microsoft Office suite most of you are used to gives you the ability to have more than one person working on a Word document or Excel file at the same time, and be able to see each other’s work — great for collaboration.

To take it to the next level, there are also a number of newer tools such as SharePoint, Skype for Business and Teams — all designed to help your organisation achieve its goals and provide greater opportunities for workplaces when working remotely.

Teams

Teams is a Microsoft Office 365 tool that allows you to keep your teams communicating, collaborating and working together no matter what location they’re in! The Teams tool is used by businesses to support teams of all sizes, from small teams of 2-5, to large teams of 20-30, even to bigger groups of 100+. No matter the size of your team, Teams provides a great option for organising projects and getting the right people together to have conversations and meetings.

Teams also works as a way of recording and tracking conversations, and offers an easy format for online meetings and chat sessions. Over the last few weeks, we’ve seen more and more businesses take advantage of Teams to ensure they are delivering projects, communicating in a timely manner and continuing to achieve their organisation’s goals.

Microsoft is currently offering a free version of Teams during the COVID-19 pandemic — learn more about the free version and speak to us about how we can support you to set-up Teams today.

A simple tip for your employees when using Teams to facilitate group chats while working remote — if you’re somewhere with a distracting background, there is a handy little ‘background blur’ tool to help reduce distraction and keep teammates focused.

Secure Cloud file storage

Office 365 also allows your team to access files from anywhere, in a secure and safe manner. The cloud-based storage, OneDrive, provides global accessibility and real-time collaboration to support your business in working both in-house and remote as needed. It allows for full visibility, control and collaboration for internal and external stakeholders, as you can easily share documents and control who can view and edit each file.

Continuation of business

The huge benefit of Office 365 to businesses is that it offers an easy way to continue ‘business as usual’ no matter what challenges may come your way. The tools are there to help your teams collaborate, plan workflows and tasks, and manage projects. With Office 365, your business can continue to meet its goals and deliver services/products to your customers.

Need help to get your business working remote using Office 365?

At eStorm, we offer Office 365 support and troubleshooting, as well as deliver general IT Managed Services. What does that mean exactly? With a wide range of plans, deployment options and services, our IT experts can get your business set up and working efficiently in no-time. With access to the latest information and deals on offer, our team is here to support you during the COVID-19 pandemic and into the future.

What is Two-factor / Multi-factor Authentication?

Put simply, two-factor authentication (2FA) or multi-factor authentication (MFA) is an additional layer of security that aims to address the vulnerabilities that a standard single password system can have.

With a standard username and password only system, it’s relatively easy to fall prey to cyber criminals and other nefarious parties. Think of the rudimentary username and password combination as having only a single line of defense.

Two-factor Authentication or Multi-factor Authentication adds a second line of defence by introducing an additional step to verify who you are. Instead of immediately gaining access to an account or information after entering a username and password, an MFA requires an additional piece of information.

This second layer of protection comes from one of the following categories:

Something you have: Most commonly a user would have something in their possession which can be used to verify their authenticity. This can come in the form of a smartphone, text message or a hardware token.

Something you know: This could be an answer to a secret question, a personal identification number (PIN) or even a specific keystroke pattern.

Something you are: This is the most advanced form of 2FA and can include voice prints, iris scans and most commonly a fingerprint.

This second layer makes gaining access to accounts and information incredibly difficult as a compromise of one of the factors won’t be enough to unlock an account.

Why use Two-factor Authentication / Multi-factor Authentication?

With more of our business happening online, through mobile devices and computers, it’s easy to see why our digital accounts and information have become a target for criminals and other parties.

Malicious attacks, data breaches, hacks and other cybercrimes are becoming more common with massive increases in the number of sites and organisations losing the personal data of their users.

As cybercriminals develop more sophisticated and advanced ways for gaining access to information and data, it’s clear to see that old security systems are simply no match.

These issues aren’t reserved for the Facebooks and Googles of the business landscape, but for global companies, start-ups, small businesses, nonprofits and organisations of all sizes. Data breaches, often times even caused by simple human error, result in severe reputational and financial losses.

A recent study revealed that in 2016 over $16 billion was taken from 15.4 million U.S. consumers as a result of data breaches and an additional $107 billion from identity theft.

Who uses Two-factor Authentication / Multi-factor Authentication?

One of the most common users of two-factor authentication are businesses of all sizes. Organisations are able to significantly reduce the likelihood of phishing scams, as criminals are unable to gain access to login information and other secure data with usernames and passwords alone.

Likewise, we see organisations who aim to keep their own data and information confidential and secure, as well as that of their customers and clients, use MFA to reduce their risk of data breaches and as a form of value add for their clients.

Why Multi-factor Authentication is important for your business

Attempts to steal legitimate user or administrative credentials happens frequently when a party is able to compromise a network. These credentials allow them to easily propagate on a network and conduct malicious activities without the need for additional exploits, which significantly reduces the likelihood of them being detected.

When two-factor or multi-factor authentication is properly implemented throughout an organisation, the ability to steal a complete set of credentials becomes much more difficult. The user has to prove they are allowed access using something they have (physical token), something they know (PIN) or something they are (fingerprint scan).

It is vitally important that multi-factor authentication be implemented correctly in order to actually reduce security vulnerabilities and not simply create a false sense of network security.

An example of this would be when MFA is used for remote access solutions within an organisation, but not for corporate workstations. An unknown party could compromise the username and password from a device used for remote access and then use it to authenticate locally to a workstation or to propagate within a network after compromising the initial workstation on the network. In this case, multi-factor authentication for remote access is better than just a username and password, but doesn’t negate the requirement for properly defended devices to be used as part of a comprehensive remote access solution.

If you’d like to learn more about how we can help you with two-factor authentication / multi-factor authentication, please call us at any time on 07 3120 0640 or email us at [email protected]

Trying to remember your password for every website, portal, tool and piece of software is borderline impossible. Some organisations like to solve this problem by using a very simple and memorable password, variations of the same password, or worse – the exact same password for everything! That’s just asking for trouble.

Simple and memorable passwords are very easy for hackers to gain access to with a staggering 81% of breaches caused by weak or reused passwords. Even using a very strong password, but used across many sites and logins, means a single breach on one site or platform can compromise your information everywhere else. That’s where a password manager comes in.

What is a Password Manager?

The average enterprise uses 91 services! Skype, Slack, OneDrive, Dropbox, Social media channels, CRM, marketing software, sales automation, online store, website, mail client – the list goes on and on. With more accounts than you can possibly recall, how are you supposed to remember strong, unique passwords for all of them? The simple answer is you can’t – but a password manager can.

A password manager is an application that creates, remembers and automatically fills in your passwords for you. Log in to an account one time, or manually add log in information to your password manager, and it will automatically store your username and password. All your passwords are stored in an encrypted format, which means they’re safe and protected. A password manager provides fast, secure and easy access to all your stored passwords with the help of a single master password.

A password manager can be incredibly beneficial for any business that wants to boost security, simplify the onboarding and offboarding process, as well as help employees manager their passwords more effectively.

Why is this important?

Passwords are essential

No one needs to be told that passwords are important – we all know this. But it’s important to remember that your password is your first line of defence. Put simply, no matter what service it is that you’re using, the security is often times only as good as the password that you’ve set.

Making a very strong password is often complicated. A password manager really takes a lot of the pain out of the process and makes an often complicated and time consuming process simple and easy. A password manager does this by creating and remembering a new, strong and complex password for you that is much stronger than anyone could come up with.

Unique

Creating a solid, complex and secure password is great – but if it’s not unique it’s pointless, which is so often overlooked.

A site or application’s security is only as good as the password you use, which means a site’s security could be worse than your password! If you’re using the same strong password across multiple sites, accounts and applications, then those sites and services with inadequate security could endanger your information in places that are serious about security.

Account volume

Lets face it – you have more accounts than your team can handle, we all do. The average organisation uses 91 services, which means that even if you created unique passwords for all of them, you’d never be able to remember them all.

One study found that people had an average of 37 password reset emails in their inboxes. 37 times someone forgot their password. 37 times someone had to undergo the tedious reset password process and create a brand new unique password.

With an enterprise level password manager, the need to reset passwords is completely removed. Likewise, when one person forgets the password, they aren’t resetting an account password that everyone else then needs to update.

Simplicity

Password managers significantly increase your security while also simplifying your life… how often does that happen!?

A password manager requires you to remember a single password – that’s it – then it does the rest. No more trying to remember if it was a capital letter in this password, or a 3 instead of a capital E – and best of all, no more password resets!

What makes a great Password Manager?

Usability

A password manager, particularly in a business context, isn’t effective if no one is using it. In order to ensure employees adopt the use of a password manager, it must be intuitive and easy to use.

A great password manager is:

Efficient: must be able to be used to complete tasks quickly and easily

Effective: should help users achieve specific goals

Engaging: the UI (User Interface) and UX (User Experience) should be pleasant and satisfying to use

Easy to learn: simple enough to be picked up and easily understood without deliberate effort

Error tolerant: should be designed to prevent errors and help users recover from errors that do occur\

Likewise, a password manager in a business environment must be usable cross platform and compatible with different operating systems and devices.

Simple Onboarding and Offboarding

A simple onboarding and offboarding process helps your organisation save time and money.

Likewise, when an employee leaves your company, it is important that your password manager has the ability to revoke their access to work related passwords and data. According to a SailPoint Market Report, more than 2 in 5 employees reported have access to a variety of corporate accounts after leaving their last job.

The report concluded that an efficient onboarding and offboarding process helps prevent some of the internal security risks with provisioning and application usage.

Administrative Controls & Monitoring

Your password manager should offer tools that enable you to oversee your employees’ use of the program. This means monitoring features such as dashboards, delegated administration, team sharing, role-based permissions, analytics and auditing.

These tools should enable you to enforce all organisational password policies and aid in regulatory compliance. It is however important to note that your password manager’s monitoring tools should not compromise the privacy of your employees.

Password Sharing

Password sharing is a very standard office operation. However, the methods via which employees use to share those passwords, such as email and internal chat programs, are not safe from hackers.

An enterprise level password manager enables employees to share passwords in a secure, convenient and efficient way. Administrative tools should allow you to share passwords on a temporary basis or with full access.

Likewise, these shared credentials should update automatically so that all other team members continue their access.

Security

Arguably the most important aspect of your password manager. The current recommended method of encryption for password protection is Advanced Encryption Standard (AES) with a 256-bit key length. This method has been deemed secure enough to protect the United States Government’s most highly classified data.

Be sure to utilise a password manager which uses a zero-knowledge protocol in its security architecture. This allows the employee full, exclusive control over the encryption and decryption of their data via a Master Password. This Master Password should never be stored on the password manager’s server or anywhere in the company’s network.

Additionally, your password manager should alert you and all employees in the event a data breach occurs.

For over 15 years eStorm Australia has been partnering with business, education and government as their trusted Managed IT Services provider and single source supplier. Our team of specialists deliver superior on-site and remote services tailored to suit your specific requirements.

As a proud member of the Apple Consultant Network, as well as being one of the most accomplished Apple IT Services firms in Australia, a great deal of our time is spent helping organisations integrate Apple Services into their business IT solutions. Here you can learn more about how we introduce Apple into businesses in a strategic and cost-effective way.

We want you to get the most out of your hardware and software, so we put together 5 interesting Mac features you might not know about that could be improving your Mac use.

eStorm Australia is an IT managed service provider headquartered in Brisbane. We partner with your business and provide IT solutions and services that suit your specific requirements. Our solutions include a variety of services that are critical to overall business success and competitive advantage.

CeBIT Australia is the focal point for the Asia Pacific business and technology industry comprised of both an exhibition – for organisations to showcase their solutions and capabilities to a domestic and international audience of decisions makers for enterprise, SMEs and government – and conference – where attendees are able to maximise their learning and networking opportunities with captains of industry, who cover cloud computing, big data and analytics, cyber security and eGovernment.

CeBIT Australia 2018 provides a wealth of knowledge from many highly regarded representatives in tech and business, such as the Country Director for Google Cloud Aus and NZ, Global Senior Director of Social Media for Lego, CEO and Managing Director of Yamaha, CTO of TOLL, the Head of Aus and NZ from Stripe, Executive Director and Head of Emerging Tech of CommBank, CEO of Airtasker, CEO of Yahoo, Google’s Managing Director for Aus and NZ, BHP Global Information Security Officer, AGL’s CTO and the COO of Telstra just to name a few, as well as many other highly regarded representatives of tech and communications companies, banks and government departments.

Coupled with the 250+ exhibitions, which include organisations of all sizes and disciplines, from startups, to big data, communications, software, hardware, education, security and cloud, CeBIT Australia 2018 really showcases the best of business and tech in the Asia Pacific region.

This is the kind of thing we get really excited about – events like CeBIT Australia provides us with even more learning opportunities, as well as a wealth of information and solutions that we’re able to take directly to our clients in order to help them grow, remain competitive and solve their industries most difficult problems. We love to keep our finger on the pulse and immerse ourselves in the exciting current and future developments in tech so we are able to better serve our clients and help improve their businesses.

According to NetMarketShare’s January 2018 data, 42.39% of users are still using Windows 7, even though on January 13, 2015 Microsoft discontinued mainstream support for Windows 7. This meant that they no longer provided non-critical security updates, design changes or complimentary support for the operating system to end users.

Now the discontinuation of extended support also draws near. On January 14 2020, Microsoft will discontinue extended support for Windows 7, which means they will no longer provide updates, bug fixes or paid support for businesses using the operating system. This date announcement is important as it gives businesses that are still running Windows 7 the opportunity to upgrade to Windows 8.1 or Windows 10 (Windows 10 is the recommended upgrade as it is Microsoft’s latest OS and is still within the 5 year mainstream support period).

Why should I upgrade?

There are several risks in not upgrading your OS once the extended support ends.

Malware

Malware, which is software that is specifically designed to disrupt, damage, or gain authorized access to a computer system, is particularly pernicious. When Microsoft discontinues extended support, systems running Windows 7 will become significantly vulnerable to un-patched security risks within the OS and applications it runs. This means that upgrading will become essential to remain protected against the massive amount of malware samples that hit the web each day, not to mention the billions of malware samples that already exist.

Ransomware

Ransomware, a type of malicious software designed to block access to a computer system until a sum of money is paid, is another significant concern – particularly following 2017’s WannaCry attack and the various ransomware attacks that followed.

The WannaCry ransomware attack was a May 2017 worldwide cyberattack by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in Bitcoin. It propagated through EternalBlue, an exploit in older Windows systems. While Microsoft had released patches previously to close the exploit, much of WannaCry’s spread was from organizations that had not applied these, or were using older Windows systems that were past their end-of-life.

Thankfully the attack was stopped within a few days of its discovery due to emergency patches released by Microsoft, and the discovery of a kill switch that prevented infected computers from spreading WannaCry further. However, the attack was estimated to have affected more than 200,000 computers across 150 countries, including businesses, universities, hospitals, banks and police with total damages ranging from hundreds of millions to billions of dollars.

While it is important to note that upgrading your OS to the latest versions and keeping patches up-to-date does not make you invulnerable, it is always best to maximise your defences as unpatched systems are vulnerable.

If you’d like to find out how we can help your business, or if you require any further information, assistance with your IT needs or you simply don’t know where to start – please feel free to call us on (07) 3120 0640 or email us at [email protected]

With more industries and business operations becoming increasingly computerised, the need to keep information safe and secure from an ever increasing variety of sophisticated threats and potential liabilities is now more important than ever before.

An unidentified IT issue has brought Sydney Airport to a standstill this morning as the airport was forced to halt the processing of outbound passengers to deal with the issue.

The IT issue came to light early Friday morning and affected passengers being processed through the T1 international and T2 domestic terminals, during which time the Sydney Airport instructed travellers to avoid the terminals until further notice.

As a result of the IT issue, queues began to form inside and outside the terminals with many travellers taking to social media to voice their frustration.

While IT audits help you to ensure that your systems optimally support your organisation’s strategic vision, not all IT audits are the same. This is why at eStorm we conduct a variety of technological audits that are customised to your business that address security, compliance, performance and risk. Concurrently, our IT audit consultants contribute to your organisation’s risk assessment process.

Every organisation needs to balance its technological needs- including speed, ease of use and convenience, against their critical need to keep information safe and secure from an increasing variety of sophisticated threats and potential liabilities.

If you are involved in the education sector, the ‘Shared iPad’ feature could be what you have been waiting to hear about for a long time…

Apple’s newly released iOS 9.3 software update is one of the best new advancements for the education sector as it changes the way iPads are used in the classroom.

As the name suggests, the ‘Shared iPad’ feature lets students share iPads. It is designed for schools where cost or policy concerns prevent the implementation of a one-iPad-per-student program. With the new update, students are able to login to an iPad, similar to logging onto their user account on a laptop or desktop. The result is that a student’s apps, content and progress through various tasks will be available, regardless of which iPad they actually use.

There is also a Photo ID feature that allows teachers to see which student most recently used a particular iPad, which should avoid delays related to downloading content and could help optimise on-device storage.
Students will have a four-digit login, similar to an iPhone passcode to login to their account, making it easier for younger students to remember.

As well as this, the iOS 9.3 update also features a new Classroom App that allows teachers to see what students are doing on iPads in the classroom. Teachers can also remotely launch and lock apps, and share student work on a classroom display connected to an Apple TV.

This is the first time Apple have shown an interest in allowing iOS devices to be shared and could be a big step in the right direction for them.

This new update is a breakthrough for digital learning and we look forward to putting it into practice.

If you would like to know more about this, or want to having it implemented in your classroom, please contact the eStorm office today.